Known Vulnerabilities for products from Pivotal Software
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Pivotal Software".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-31683 | Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a... | 5.4 - MEDIUM | 2022-12-19 | 2023-08-08 |
| CVE-2022-27772 | ** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory h... | 7.8 - HIGH | 2022-03-30 | 2023-11-07 |
| CVE-2022-22950 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-04-01 | 2022-06-22 |
| CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are suscep... | 9.8 - CRITICAL | 2021-03-15 | 2022-04-07 |
| CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to... | 7.8 - HIGH | 2021-05-27 | 2022-10-25 |
| CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versi... | 8.8 - HIGH | 2021-02-23 | 2023-11-07 |
| CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, t... | 6.5 - MEDIUM | 2020-09-19 | 2023-11-07 |
| CVE-2020-5419 | RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for... | 6.7 - MEDIUM | 2020-08-31 | 2022-03-17 |
| CVE-2020-5415 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity... | 10 - CRITICAL | 2020-08-12 | 2020-08-19 |
| CVE-2020-5411 | When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code... | 8.1 - HIGH | 2020-06-11 | 2020-08-07 |
| CVE-2020-5409 | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthent... | 6.1 - MEDIUM | 2020-05-14 | 2020-05-15 |
| CVE-2020-5408 | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x p... | 6.5 - MEDIUM | 2020-05-14 | 2021-06-14 |
| CVE-2020-5407 | Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML... | 8.8 - HIGH | 2020-05-13 | 2023-11-07 |
| CVE-2020-5399 | Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A ... | 7.4 - HIGH | 2020-02-12 | 2020-02-27 |
| CVE-2020-5398 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an ap... | 7.5 - HIGH | 2020-01-17 | 2023-11-07 |
| CVE-2020-5397 | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Sp... | 5.3 - MEDIUM | 2020-01-17 | 2022-07-25 |
| CVE-2019-11292 | Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, ... | 6.5 - MEDIUM | 2020-01-09 | 2023-11-07 |
| CVE-2019-11291 | Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior ... | 4.8 - MEDIUM | 2019-11-22 | 2022-07-01 |
| CVE-2019-11287 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions... | 7.5 - HIGH | 2019-11-23 | 2023-11-07 |
| CVE-2019-11283 | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user wit... | 8.8 - HIGH | 2019-10-23 | 2021-08-17 |
Known software with vulnerabilities from Pivotal Software
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pivotal Software | Application Service | 2.0.0 |
| Application | Pivotal Software | Bosh Cli | 0.0.100 |
| Application | Pivotal Software | Cloudfoundry Uaa | 2.3.0 |
| Application | Pivotal Software | Cloudfoundry Uaa Release | 10 |
| Application | Pivotal Software | Cloud Foundry | 241 |
| Application | Pivotal Software | Cloud Foundry Cf-deployment | 0.0.0 |
| Application | Pivotal Software | Cloud Foundry Cf-release | 100 |
| Application | Pivotal Software | Cloud Foundry Diego | 0.1014.0 |
| Application | Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.0 |
| Application | Pivotal Software | Cloud Foundry Ops Manager | 1.7.0 |
| Application | Pivotal Software | Cloud Foundry Php Buildpack | 1.7.0 |
| Application | Pivotal Software | Cloud Foundry Smb Volume | - |
| Application | Pivotal Software | Cloud Foundry Uaa | 1.0.0 |
| Application | Pivotal Software | Cloud Foundry Uaa-release | 10 |
| Application | Pivotal Software | Cloud Foundry Uaa Bosh | 12.3 |
| Application | Pivotal Software | Concourse | 0.1.0 |
| Application | Pivotal Software | Credhub-release | 0.1.0 |
| Application | Pivotal Software | Credhub Service Broker | 1.0.0 |
| Application | Pivotal Software | Gemfire | 1.0.0.0 |
| Application | Pivotal Software | Greenplum Command Center | 1.2.2 |